测试SQL注入但会导致错误?
这个问题在这里已经有了答案:
$sql="SELECT username from `members` where password = :mypassword";
// Create prepared statement
$stm = $db->prepare($sql);
$stm->bindParam(':mypassword', $ans, PDO::PARAM_STR);
$stm->execute();
echo $stm->fetchColumn();
链接地址: http://www.djcxy.com/p/93823.html
上一篇: Testing for SQL injection but resulting in error?
下一篇: Is blocking query commands enough to prevent SQL injection?